DEVOPSdigest

ShiftLeft announced that its Intelligent-SCA product added scanning and attackability analysis for JavaScript (JS) and the TypeScript (TS) language to the ShiftLeft CORE platform.

JavaScript is the most widely used programming language and is also a frequent attack target for cybercriminals seeking to exploit vulnerabilities in open source code and the software supply chain.

Development teams using JavaScript frequently add functionality to their code by quickly writing new code or borrowing it from open source libraries like npm or reusing existing libraries and code modules on GitHub. Because JavaScript is a dynamic language and something of a “Swiss Army Knife” working on both the front-end and the server side, developers often move quickly to write quick fixes or hacks that create longer term vulnerabilities. Equally challenging, open source Javascript libraries frequently contain vulnerabilities that create unknown risk for the application. When the introduced risks are serious, it can require months of remediation work to identify and address all the risk ramifications.

By adding JavaScript coverage, ShiftLeft dramatically expanded the ability of Application Security (AppSec) teams to shift security left by providing detailed and accurate guidance to development teams on which vulnerabilities in web applications and JavaScript-driven frameworks can be proven to result in damaging attacks.

With the new product capabilities, ShiftLeft offers the following benefits:

- Software composition analysis solution (SCA) that accurately prioritizes JS/TS open source vulnerabilities by attackability with pre-production scans

- SAST solution that accurately identifies attackable JS/TS vulnerabilities in first-party code with pre-production scans

“By adding JavaScript coverage, ShiftLeft can dramatically expand the percentage of application code covered with attackability insights,” says Alok Shukla, VP Products, ShiftLeft. “As the most popular language playing a critical role in the global web and application infrastructure, JavaScript security will become even more important as the pace and severity of attacks on applications and the open source supply chain - much of which is written in JavaScript — increase over the course of 2022.”

The addition of JS/TS coverage further cements ShiftLeft as a comprehensive and authoritative provider of Application Security testing and attackability analysis. Application security teams and developers using ShiftLeft are able to close more security gaps at a faster pace and spend more time focusing on the issues that matter thanks to the unique ability of ShiftLeft to spotlight attackable vulnerabilities and clearly identify low-risk theoretical vulnerabilities.